GDPR- Unlearn and re-learn: Busting the GDPR Myths

GDPR- Unlearn and re-learn: Busting the GDPR Myths

If a sapling was planted every time there was a misconception about GDPR, we'd have probably defeated global warming by now. Any new revolution, be it in technology, philosophy or any other dimension, always creates chaos and confusion during its inception, bringing along with it, a plethora of misconceptions as well. However, it is time we got it all cleared from our heads. 

You might have been a victim of this contagion as well, or have you not? Let us unlearn the (un)popular misconceptions and try to bring in the clarity of crystals to our GDPR understanding.

Consent is an alias of GDPR

The worst of dreams by the GDPR experts will probably involve them yelling 'Consent alone is not GDPR!!', into the psychic space of their co-workers. Because this is, by far, the biggest misunderstanding. GDPR does put high emphasis on consent, but it is not the whole picture. 

There are six lawful bases and they're all equally valid. Say you are a firm based out of Amsterdam and you are employing locals. You don't need to get their consent for storing their information on your register, because the law mandates it. It will fall under the 'legal obligation' umbrella. If a person gets interested about your product and asks for a quote, you don't have to bother him with consent. Because you can process his contact information based on 'Contract'.

Hence, we must keep an open eye and consider all the six lawful bases before applying them to our data processing activities.

Consent is just a check box

Most of us are thinking that the holy check in 'I agree to the Terms & Conditions and Privacy Policy' is the consent we need. Well, no! In fact, that is the first example of what is not a consent, in the ICO website.

There are specific rules to be kept in mind when consent is taken. We must first state all ways in which we shall process the data we are collecting. And furthermore, we must not make it a precondition of a service, which is exactly what we do with the 'I agree to the Terms & Conditions and Privacy Policy' check box. Consent must be given freely with no pre-checked boxes. And even if the boxes are not checked by the subject, the service must not be denied. Hence, before taking the consent route, the whole processing tree must be analysed, and the decision on whether or not to take this route should be made.

GDPR is the Villain


When GDPR first came into picture, there was a massive wave of negativity that accompanied it. Social media was flooded with posts talking about how GDPR will cause a huge expense hole in organisations’ budget and why it will create so many problems that didn’t exist in the first place. Many organisations, by default, assumed that they shall end up non-compliant and some of them even expressed their idea of conjuring up funds for a possible fine due to non-compliance. One could almost feel the need to hit the psychological reset button.


However, we must understand in our bones that GDPR is a set of laws that just demand  Good Business Practice; GDPR must be welcomed with positivity because not only does it provide a company with a better legal and policy framework, but it brings acompetitive advantage as well.


GDPR, in many ways, will change the way businesses are conducted, but one of the main shall be the cognitive advantage that a company shall possess in the minds of its clients, when it becomes GDPR compliant. A GDPR compliant company shall do better positioning in their customer’s head when they can flaunt their compliance tag.


My business is small, so I'm kind of exempt.


Only in specific cases like the one for appointing a DPO, does the GDPR talk about company sizes. GDPR has an attitude and it doesn't care about your firm's size. If you happen to, in anyway, cross any data path of any EU resident, you are under the GDPR radar.

Forget small business! Even if you're a solo-pruner who runs a fashion blog, with an emailing list under your sleeve, you must be GDPR compliant.


I don't collect data from users, so I'm cool.


No, you're not. GDPR originates from 'what data you hold', which means that not only a massive introspection into
your data inventory is needed, but also an analysis of 'all' data that you have on subjects is required. Even if you don't collect data through web forms or portals, you still need to worry about the data pertaining to EU subjects. 

You might scrap the publicly available information on individuals and try to convert them into leads. You might even have purchased your competitor's leads (Highly not recommended, though. Just saying) or it could be a person on social media who has liked your page. In all these cases, though you haven't obtained data from the user directly, you still have to respect the data you have on him/her and process it under the GDPR.


There is only one type of consent


Firstly, there's private data and sensitive data. The former refers to data like the IP address, pin code etc., while the latter covers aspects like religion, sexual orientation etc. Naturally, the consent mandated for these types vary.

There are two types of consent : Explicit & Implied Consent


Implied consent is when the subject, by providing you a particular data, is accepting it to be used in a certain way. In effect, you don't have to shout out loud by asking him to check a box, but you can just 'imply' consent by stating the way the data is going to be used. But it does have to be unambiguous, which means there should not be more than one interpretation possible for that particular way in which you plan to use the data. Explicit consent is where the subject literally says 'I agree' to your consent statement, which must clearly state what data you are collecting, how you are going to use it, what it means to your subject and how this data will be transferred and the related risks of the transfer.Yeah, that's a lot. But this consent is required only when sensitive data is collected. 


I need to be a data democracy: All rights to all


The data subject rights caught so much attention that GDPR pursuers became too obsessed with it. For example, right to be forgotten was seen as a white elephant in the room and it perhaps got too much attention. Not all rights need to be given all the time. GDPR gives us six lawful bases, which is nothing but the underlying reason behind processing of data. And as your reason varies with the kind of data and processing method, the data rights you need to offer shall vary as well. 


Lawful Basis(row)/Rights applicable (column)

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restrict processing

Right to data portability

Right to object

Rights related to automated decision making

Consent

 Y

 Y


 Y

 Y

Y

 

Contract

 Y

 Y

 Y



 Y


 Y

Legal Obligation

 Y

 Y

 Y

 Y




 Y

Vital Interests

 Y

 Y







Public Tasks

 Y

 Y

 Y




 Y


Legitimate interests

 Y

 Y

 Y

 Y

 Y


 Y

 Y


Consider the above depiction, which correlates between rights and the lawful basis. A data field processed on a basis of contract, cannot be asked to be erased as such. Similarly, a data processed for vital interests cannot be objected. So, being aware of why you process the data that you do, and categorizing them based on applicable rights and lawful basis is an extremely crucial function.


I can use 'Legitimate Interest' for marketing uses relating to personal data, without consent.


The best one is saved for the last, because this is something that can really get you into trouble. Legitimate interest is not the silver bullet you can use when you have run out of options. Usage of legitimate interest has to be weighed against the privacy of the user before it can be applied to a marketing related activity(Any activity, for that matter! ). Even though marketing is an example of legitimate interest given by the ICO itself, it does not rule out the fact that the user must agree to be communicated for marketing. 


A clear 'Opt-in' is always preferred, which is not treated as consent, and it is, in some form, necessary to proceed with marketing communications.

 



    • Recent Topics

    • Stock Count

      The stock count is a nice new feature, but we cannot figure out how to: 1. Use it without assigning to a person, we have a team or one of multiple do stock counts as do most any company. 2. Add any extra fields to what the "counter" sees. The most important

    • If I turn off the Task Prefix & ID in the Portal Configuration section, will it remove the dependencies in my projects?

      Hi all, basically the title, I am new to zoho projects and trying to get my head around some basic principles. Unfortunately I have not found this information via the search option and after deleting yesterday some Phases I had created in the Phases tab,

    • Move a Contact from Current Account to a NEW Account

      I do not believe the functionality to Move a Contact from a Current Account to a New Account is not available. Please someone tell me I am missing something! I have been through designing, developing, using and selling CRM systems for over 25 years and had this functionality20+ years ago in other CRMs.  In the real world people move from one organisation to another. In the sales, finance and technical world it is nice to see the communication history with that person in their old account and also

    • Force Specific Layout for CRM Contacts Portal

      Hello: We're in trial on ZOHO One and looking at the CRM Portal (just for the contacts module). We have a client layout set up for Contacts that is working well for our internally, but for the portal we don't want to require (make mandatory) some of the

    • Automatic Removal of Departments and Groups for Inactive Employees in Zoho One

      Hi Zoho One Team, We hope you're doing well. Currently, when an employee is marked as inactive in Zoho One, they remain listed as a member of their department and associated groups. This creates a challenge in maintaining accurate records and ensuring

    • Zoho Sheets not compatible with Excel/Google Sheets

      In order to share a copy of a Zoho sheet with someone that does not use Zoho, it must be downloaded as MS Excel format and then added to an email.  This is a labor intensive, and frankly confusing process.  I have forgotten to do this before, only to

    • Change eMail Template for Event-Invitations

      Hello ZOHO-CRM Team How I can change the eMail Template for Event-Invitations? I work with the German Version of the Free Version. I know how I can modify eMail alerts or Signature Templates, but where I can other eMails modify you send out? Thank you for your answer. Regards, Juerg

    • Zoho Social integration with Zoho Flow

      Is there any plans for Zoho Social integration with Zoho Flow?

    • Zoho CRM Widget and translations

      Hi everyone! We're building a Widget with zoho-extension-toolkit, how is localization supposed to work? "zet init" created a translations/en.json file, but what should go inside it and how is it supposed to be accessed from the Widget/javascript? Thanks

    • Bienvenue à Zoho FSM : l'optimisation des opérations locales qui offre une expérience de service impeccable

      Nous sommes ravis de vous présenter Zoho FSM, la plateforme de gestion des services terrain de bout en bout. Les solutions de gestion des services locaux s'adressent aux organisations qui effectuent des activités d'installation, de réparation et de maintenance

    • Adding tag to specific record as an acion in a workflow

      Hi! I've created the following workflow in the module 'Leads'. When a record meets the criteria, there should be a tag added to the specific record in the module 'Contacts'. In the module 'Leads', there is a look-up field named 'Kandidaat' which is connected

    • Trying to catch error with ZOHO.CRM.HTTP.get (Response Code)

      Hello, I'm trying to get response header from ZOHO.CRM.HTTP.get, in order to catch error like 404 or something else but it seems that ZOHO.CRM.HTTP.get() method only returns the body of the response, and I see no way to access the headers returned. Is

    • FSM - How to ADD PHOTOS to Estimates & Invoices

      How can you add photos to estimates and invoices that are being emailed to the client so the can see what you are estimating and your completed work?

    • Free developer edition of Zoho CRM

      A question for Zoho and other developers: How can you set up a demonstration version of a Zoho CRM implementation to show employers/clients what can be achieved? Do you pay for Zoho CRM Enterprise/Zoho One for this purpose? Does Zoho offer a free version

    • Can I add Conditional merge tags on my Templates?

      Hi I was wondering if I can use Conditional Mail Merge tags inside my Email templates/Quotes etc within the CRM? In spanish and in our business we use gender and academic degree salutations , ie: Dr., Dra., Sr., Srta., so the beginning of an email / letter

    • Where are scheduled emails stored?

      After you schedule an email to go out through the CRM, how do you go about changing that scheduled email? Or even where can I see the list of emails scheduled to go out? They are not listed in my Zoho Mail account in Outbox which has been the only answer

    • CRM Home Page Dashboard, how can i add zoho desk cases?

      How can i see which tickets are in my group as a dashboard component on the home tab in zoho crm? I don't see any way of adding this.

    • Custom Module missing SDK function fetchRelatedRecords(...) in a Client Script

      Good day, We have added a new module with a Multi-Lookup relation to Contacts.  When we tried to use the fetchRelatedRecords(id, related_list_api_name) function to get Related Records it is missing for our new custom module. https://js.zohocdn.com/crm/5124797/documentation/DotSDK/Modules.html

    • Subform Client Script

      Good day,  I have a subform where users can subscribe to various magazines. I would like to prevent the user from selecting the same magazine twice when adding a new row. Is there a way to prevent the user from doing this? (Can it be done via a client

    • Checklist/ save to onedrive/ a group of items invoicing in Zoho FSM

      hi, is there a way to add a specific checklist to any WO without passing eachtime by the model customization? can we save file such picture directly in our sharepoint ak onedrive? is there any way to add a group of item pre defined to make invoicing easier

    • Serious question: Are there actually "solo-preneurs"/small business owners who made Zoho-one work well for them?

      L.S. After already many years of continued struggle with Zoho-One, I am seriously wondering if there are actually solo-preneurs (one person small business owners - without a large, dedicated IT dept.) who got it (Zoho-One) to work well for their businesses.

    • Calendar Bookings in Recruit

      Hi there, We have recently started using Zoho recruit and although it has some great functionality there are a few gaps that are causing real headaches. One of those being how interviews are scheduled. The majority of our hiring managers are field based

    • Getting Error : Developer Tool Detected

      Hi Team, Getting the error during open the portal, error attached on the same ticket. Please check and help us to resolve the same.

    • Send Zoho Creator Template by Email or sendemail

      Hello All Question:- How we can send the Zoho creator email template using the send email by the workflow or using the Function? by the Workflow sendmail [ from: zoho.adminuserid to: "zohodeveloper@yopmail.com" subject: "Test Template" message: "Test

    • Upgraded to Zoho One but Zoho Meeting still says Free Plan

      I signed-up for the Zoho One plan. When exploring the applications included, I came across a problem with Zoho Meeting. It says it's the free plan. I emailed support but they sent me a link that doesn't work and, when I found the article on my own, it

    • 新年のご挨拶、直近のイベントスケジュール

      🎍🐍謹賀新年🎍🐍 ユーザーの皆さま、明けましておめでとうございます! コミュニティチームの中野です。 本年もよろしくお願い致します。 昨年のZoho Japanコミュニティでは、東京・大阪・名古屋・福岡 4都市でのユーザー交流会開催や、自社最大イベント「Zoholics Japan 2024」でZoho Championの皆さまとのパネルディスカッション、10月の東京ユーザー交流会では本社CRMプロダクトマネージャーを招きロードマップ解説セッションの実施、さらにZohoアンバサダープログラムのローンチ(近日公開予定)など、新たな取り組みに挑戦しました。

    • How to create Item in the Eazy ERP Software ?

      Item Master is used for the creation of an item in the Eazy ERP Software. It is necessary to create items to maintain the stock and pass the transactions in the software. Go to Control Panel > Store > Item Master. An Items window will appear. The user

    • Directly Edit, Filter, and Sort Subforms on the Details Page

      Hello everyone, As you know, subforms allow you to associate multiple line items with a single record, greatly enhancing your data organization. For example, a sales order subform neatly lists all products, their quantities, amounts, and other relevant

    • Request to Customize Module Bar Placement in New Zoho CRM UI

      Hello Support and Zoho Community, I've been exploring the new UI of Zoho CRM "For Everyone" and have noticed a potential concern for my users. We are accustomed to having the module names displayed across the top, which made navigation more intuitive

    • Client script: Can not choose a date field for an onChange field event

      Hi Zoho Team Why can't I choose one of my date fields to trigger an onChange event? Is this a client script limitation, or something wrong with my instance? If it is a limitation, is this mentioned in the documentation anywhere? Thanks. Marcus

    • How to upload mass inventory quantity adjustment with batch number?

      I wanted to clean-up our inventory list; however, I have trouble performing the task as I don't know how to mass upload inventory adjustment with batch numbers. I don't want to do it manually as there are if not thousands at hundreds of inventory tr

    • Power BI connector (Zoho Creator) to Zoho Projects

      How can i connect power bi to Zoho Projects? domain is zoho.com How can i find workspace name, application link name and Report link name?

    • Upgrade User

      Hi Sir/Madame, I have 7 users in my organisation but I need upgrade more space only 2 users. Is it possibe? Thanks

    • Dashboard Auto-refresh

      Why is there no Auto-refresh on the Dashboard? People have been asking for the last 6 years for this function from what I can see in my reasearch, it seems like a very simple intergration for Zoho to achieve. on Sept. 2, 2014, this was added: Support

    • Console error with widget in View mode, not present in Edit Mode with ZOHO.CRM.API.updateRecord(config)

      hello i have that function to update an account records (from a widgets created with sigma) function handleCopyButtonCRMClick() { console.log('handleCopyButtonCRMClick'); /* * Fetch Information of Record passed in PageLoad * and insert the response into

    • add meeting link

      i want to add A meeting link in the mail when the user book the appointment then with the conformation mail i want to add meeting link there

    • Unable to add Guest Members

      We are having issues adding Guest Members to our Cliq account. We have sent out a number of request but it seems that only some people are able to access the platform. Others have received a message stating that they need to be granted access from an

    • CRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive

      Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage files

    • Zoho One - White Label

      Releasing a white-label feature for Zoho One, or any software or service, can offer several advantages and benefits for both the company providing the software (Zoho in this case) and its users. Here are some key reasons for releasing a white-label feature

    • Missing parameters in request, any way i can figure out what parameters i need to add?

      const url = "https://people.zoho.com/people/api/forms/json/P_Task/insertRecord"; const inputData = { "Status": "Open", "Description": "Task to set up and configure Zoho Mail on desktop application.", "CreatedTime": "01-Jan-2025 10:30 AM", "Due_Date":

    • Next Page